7 matches found
The state of HTTP clients in Spring
This is a new blog post in the Road to GA series, this time exploring the new capabilities of our HTTP clients. This is also a good time to reflect on the state of HTTP clients in Spring, so we will use this opportunity to explain an important announcement: we are officially deprecating...
GHSA-H6J3-J35F-V2X7 PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
Impact: An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. netresearch/jsonmapper allows objects to be hydrated from scalar types in JSON. However, due to the lack of validation in the code for this feature, it may output improperly initialized objects if applied to...
GHSA-92JH-GWCH-JQ38 PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
Impact: An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to the particular handling of NULL types in the json mapper which accepts NULL type values in typed arrays which PocketMine-MP did not expect. Code processing arrays in the JSON data could the...
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
Impact: An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to the particular handling of NULL types in the json mapper which accepts NULL type values in typed arrays which PocketMine-MP did not expect. Code processing arrays in the JSON data could the...
GHSA-PQP3-8RRW-G8VM PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency
Impact: An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to a bug in netresearch/jsonmapper. The library wasn't doing proper checks when mapping JSON arrays and objects onto scalar model properties such as strings. Patches: The problem was fixed in a...
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency
Impact: An attacker could crash PocketMine-MP by sending malformed JSON in LoginPacket. This happened due to a bug in netresearch/jsonmapper. The library wasn't doing proper checks when mapping JSON arrays and objects onto scalar model properties such as strings. Patches: The problem was fixed in a...
PT-2023-33049 · Unknown · Netresearch/Jsonmapper +1
Name of the Vulnerable Software and Affected Versions: PocketMine-MP versions prior to 4.20.5; PocketMine-MP versions prior to 4.21.1. Description: An attacker could crash PocketMine-MP by sending malformed JSON in the LoginPacket. This issue occurred due to a bug in the netresearch/jsonmapper...